Anatomy of an X.509 v3 Certificate

A binary hex display for a typical X.509 v3 binary DER certificate is shown below.
The first 4 bytes are the ASN.1 sequence DER encoding with remaining bytes (0x04A2).
Next we have the exact binary data ("TBSCertificate") covered by the signature on the
certificate as shown in blue. This section includes the
required certificate fields (ordered sequence of certificate version,
serial number, signature algorithm ID, issuer (signer), validity period, subject, public key)
followed by optional extensions, encoded in ASN.1 format. For the detailed specification, see
IEFT RFC 3280.
Next comes the encoded
signature-algorithm specifier. Finally the actual PKCS #1 v1.5 signature
blob (128 bytes, same size as the public key modulus corresponding to the private key used
to sign this certificate) is shown in red.